Message-ID: <40461CE0.30308@onryou.com>
From: lists2 at onryou.com (Cael Abal)
Subject: Backdoor not recognized by Kaspersky

> Cael...take a more sensible approach...no password parsing to scan
> needed...have the AV/mail gateways stop any zip with any executable
> inside. You don't need to use the password to see that there is an
> .exe/.scr/.com/.whatever inside a zip. You see it, you nuke the zip.
> If your policies allow zipped executables to meander through your mail
> system as long as they pass a virus scan, you must have damned busy 0
> days. This ain't complicated...at all.

Hi Bart,

Interesting suggestion but I'm not prepared to arbitrarily kill any
zipped executable (even just those which have been passworded). I'm
just not comfortable with the false-positives.

Historically, passworded .zip files have been the only remotely
acceptable way to e-mail executables. I'm hesitant to give that up.

I'd still rather allow all passworded .zips and rely on the client's AV
to nab it.

take care,

Cael
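
The gateway check discussed in this exchange, as an added example that is not part of the original message: entry names and the per-entry encryption flag are read from a zip's central directory without any password, and two policies are compared (reject every zipped executable, or only those in password-protected entries). The function names, the policy labels, the extensions beyond .exe/.scr/.com, and the sample archives are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# .exe/.scr/.com come from the thread; the others are an assumed site policy.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
ENCRYPTED_FLAG = 0x1  # general-purpose flag bit 0: entry data is encrypted


def inspect_zip(data):
    """Return (name, is_encrypted, is_blocked) per entry, no password needed.

    Traditional ZIP encryption covers file contents only; names stay readable
    in the central directory. Archives that encrypt the central directory
    itself would not expose names this way.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(i.filename, bool(i.flag_bits & ENCRYPTED_FLAG),
                 os.path.splitext(i.filename)[1].lower() in BLOCKED_EXTENSIONS)
                for i in zf.infolist()]


def verdict(data, policy):
    """'block_all': reject any zipped executable (the quoted proposal).
    'block_encrypted': reject only executables in password-protected entries."""
    if policy not in ("block_all", "block_encrypted"):
        raise ValueError("unknown policy: " + policy)
    for name, encrypted, blocked in inspect_zip(data):
        if blocked and (policy == "block_all" or encrypted):
            return ("reject", name)
    return ("accept", None)


def build_sample(names, encrypted):
    """Constructed archive: sets the encryption flag bit without encrypting."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in names:
            zf.writestr(name, b"constructed sample data")
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02") if encrypted else -1
    while pos != -1:  # flag field sits 8 bytes into each central header
        raw[pos + 8] |= ENCRYPTED_FLAG
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    sample = build_sample(["readme.txt", "invoice.pdf.scr"], encrypted=True)
    print(inspect_zip(sample), verdict(sample, "block_all"))
```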